Information from Samsung, Rolls-Royce, Tesco, Capita and many others exposed by Leaky Database of LeaseSolution
It seems that nowadays, hackers and cybercriminals don’t have to go vulnerability hunting to steal databases. The leaks offer an open invitation to them. Yesterday we had a security researcher leaking the Daimler’s Mercedes-Benz source OLU source code publicly.
Yet another company could have exposed data of big names like Samsung, Rolls-Royce, Tesco, Computacenter, Link Group, Capita, Freightliner, and MC Group and many of its clients through a leaky database hosted on its web server. The company is LeaseSolution and offers office spaces on lease to big tech companies.
The leaky database was discovered by a British cybersecurity firm TurgenSec. According to TurgenSec, the database contains 6 million database entries detailing confidential business information from nine companies including Samsung and Rolls-Royce.
The records included basic contact information of customers, VIP job titles, postal and email addresses, phone numbers, and so on. They also contain a list of assets the clients had leased – offices, workshops, corporate jets, industrial machinery, etc.
Following TurgenSec’s discovery, UK-based LeaseSolution took down the website. They relaunched the updated website on Monday but it is still on the unencrypted server.
LeaseSolution is legally required to notify the British Information Commissioner’s Office of any data breach within 48 hours of being notified. TurgenSec notified LeaseSolution of its discovery on 15 April. However, there is no information on whether LeaseSolution has approached the ICO.
This database could be very valuable to terrorists, cybercriminals, and stalkers. The database can give potential terrorists exact locations of the big tech company offices, factories, and aircraft.